package cn.wolfcode.web.controller;

import cn.wolfcode.domain.Employee;
import cn.wolfcode.qo.MyAJAX;
import cn.wolfcode.service.IEmployeeService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpSession;
import java.util.List;

@Controller
public class LoginController {

    @Autowired
    private IEmployeeService employeeService;

    @RequestMapping("/empLogin")
    @ResponseBody
    public MyAJAX login(String username, String password, HttpSession session) {
        Employee loginEmployee = null;
        try {
            loginEmployee = employeeService.login(username, password);
            session.setAttribute("USER_IN_SESSION", loginEmployee);
            //用工具类代替
            //UserContextUtil.setUserContext(loginEmployee);
            //如果不是超管就把权限给查出来,便于权限同行
            if (!loginEmployee.isAdmin()) {
                //通过员工ID查出这个员工所含有的权限表达式
                List<String> expressions = employeeService.selectByPermission(loginEmployee.getId());
                //把个这个表达式传进session,目的是能让拦截器取到这个权限
                session.setAttribute("EXPRESSION_IN_SESSION", expressions);
                //用工具类代替
                //UserContextUtil.setPermission(expressions);
            }
        } catch (Exception e) {
            MyAJAX myAJAX = new MyAJAX();
            myAJAX.setMsg(e.getMessage());
            myAJAX.setSuccess(false);
            return myAJAX;
        }
        return new MyAJAX();
    }
    //跳转到没有权限页面
    @RequestMapping("/noPermission")
    public String noPermission() {
        return "/common/nopermission";
    }
}
